...despite the uptick in reported computer attacks, network break-ins, and data breaches the volume of hack attacks is not rising. What has changed is that hacker groups such as Anonymous and LulzSec have gotten media savvy creating an illusion of an escalating cyberwar that in reality does not exist.

The following may be "overkill" for many a SOHO pf implementation, but this motherboard comes with FOUR (4) embedded Intel (em) NICs. It retails for approx. CAD$235. You may use either an E3-1200 series Xeon or an i3-2100 series CPU. (For price reference, a quad-port Intel NIC is typically CAD$400+ by itself.)

The i3-2100 CPU is at a nice price point and provides more than enough punch for SOHO/SMB deployments.

Essentially, what that rule means is: match incoming IPv4 packets matching "any" source address (you could put "from any" in that rule) to your external IP address (egress) on TCP port 443 (https) and redirect/rewrite/pass the packet to an internal private address on the same port.

Not sure why you're using synproxy. Is it because someone mentioned it once? Did you read the documentation to see if it was appropriate?

I'm using synproxy because rocket357 suggested it might be a good idea since my 3Com router was constantly getting knocked offline due to syn-flood DoS attacks. Trying to do anything online these past six months has been an exercise in frustration because of the constant disconnections. Since I permanently switched over to my OpenBSD router six days ago I haven't experienced a single second of downtime. Well, that's not entirely true, I had a few lockups on the BSD box on the first day but that was an overheating issue which was quickly solved. My BSD router is functioning beautifully with the firewall rule set I am using. Now I am trying to understand exactly what all the contents of my pf.conf file mean and do. Unfortunately I'm one of those people who can read something a hundred times and it still might not sink in, but show me how to do something once and I'll remember it forever. The problem is trying to find the time to learn all this new stuff.

The problem I'm trying to solve now is how to connect to my internal web servers via URL rather than using the IP address of the box. I don't need to be able to do this, I just want to do this so that I can understand how it works.

As I mentioned, I've read the instructions here http://www.openbsd.org/faq/pf/rdr.html and made the appropriate changes to my inetd.conf and pf.conf files but it still doesn't work. All my Google searches end up taking me to the same FAQ.

If I understand you correctly, you want hosts on the internal network accessing your local server using the domain name?

As jggimi stated, a method of configuring this could be to have your DNS serve the internal address to clients on the Internet network. However, the following should be adequate to rewrite requests from your LAN to your external IP and replace them with the address of your internal service.

That's exactly what I want but the line you provided above isn't working for me. I had to change the port to http since that is what the host is expecting. Here is the entire pf.conf with the new addition you gave.

I've played around with that line changing in to out, different ports and destinations and it still won't let me connect to internal servers via domain names. My basic understanding of that rule tells me that it should work but it's not. It's little things like this that keep me up all night trying to figure it out rather than calling it quits and trying again tomorrow.